Keeping DNS Services Safe And Operational

  /     /     /  
Publicated : 22/11/2024   Category : security


Keeping DNS Services Safe And Operational


Domain Name System technology is critical to your Internet communications. Here are some tips for keeping your DNS services -- and your data -- secure



[Excerpted from Keeping DNS Services Safe and Operational, a new report published this week on Dark Readings
Security Services Tech Center
.]
Its really easy to take a critical network service like Domain Name System, better known as DNS, for granted. After all, in most organizations, DNS usually works without a hitch and requires little day-to-day maintenance. Unfortunately, when DNS problems do surface, an entire business can be brought to a screeching halt.
Before Microsoft Active Directory forced DNS into a more prominent role in our data centers, the fallout from DNS issues often was confined to an inability to browse the Internet or use externally hosted Web applications. Back then, losing Internet access for a few hours wouldnt have been a huge deal for most enterprises. Today, when DNS goes down or is compromised, a whole host of other services and internal applications can be brought down with it--and that is a huge deal for any enterprise.
DNS isnt one of those network services that you can simply lock down and call it a day--for the Internet to function, DNS needs to be broadly available and it needs to be fast. While the inventors of DNS did not specifically cite packet overhead and speed as a concern in their original design, the selection of UDP as a transport to send and receive DNS queries was a great one because it helps ensure that the millions of queries per second being sent to certain DNS resolvers can be handled efficiently. However, the connectionless nature of DNS makes it easier for attackers to affect the reliability and availability of DNS itself.
What makes DNS defense complicated is that every organization must rely on upstream DNS resolvers and authoritative name servers to provide name services. The distributed, hierarchical nature of DNS means that we all need to rely on resolvers and name servers that are not under our control. In addition, while it seems simple on the surface or when only a fraction of its services are used, DNS is very complex. Indeed, theres a reason very large organizations have very smart people dedicated to managing DNS.
With all that said, the DNS attacks youre likely to see can be broadly categorized in two buckets: attacks on the integrity of your DNS database in the form of various DNS record hacks, and attacks on the availability of your DNS server in the form of a denial-of-service (DoS) attack.
To get a list of the types of DNS attacks your organization may encounter -- and some recommendations on what you can do about them --
download the free report on managing DNS services
.
Have a comment on this story? Please click Add a Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Keeping DNS Services Safe And Operational